10-Nov-2022 18:25
I have the following need in the "Saml attribute" settings of the SAML IDP server, I need a variable to assign in the apm, filtering all groups that contain the XYZ text, and each value being delivered as a separate string follows below as needed, and how the f5 delivers.
11-Nov-2022 04:00 - edited 11-Nov-2022 04:01
Hi @ruancarloss,
you would use a Variable Assign in the Visiual Policy Editor and use a custom expression to filter for AD Groups with the string XYZ.
Here is very simple example, starting with the Access Policy.
And here is the Variable Assign (in my example I filter for all AD Groups with the string test and store them in the custom variable session.custom.mygroups.
set list "|";
foreach element [split [mcget {session.ad.last.attr.memberOf}] "|"] {
if { $element contains "test"} {
append list "$element|";
}
}
return $list;
The IdP configuration then uses my custom variable session.custom.mygroups for the SAML attribute MyGroups.
The resulting SAML token has the following attributes:
Does this answer your question?
KR
Daniel
11-Nov-2022 04:51
the loop created works and thank you.
However I need only the CN value to be delivered.
enjoying your scenery, the script delivers:
* CN=testgruppe1,OU=grou.....
* CN=testgruppe2,OU=grou.....
would have to customize for the output to be:
* testgroupp1
* testgrouppe2
Thank you for your help
11-Nov-2022 05:45
The example below I had more or less ready for copy&paste.
I think you could use the trim command to customize the output to your desired format.
Take a look here